whitehats.com (was RE: [Snort-users] Description Database for all these attacks?)

Max Vision vision at ...4...
Wed Jul 19 22:42:06 EDT 2000


On Thu, 20 Jul 2000, David Khoury wrote:
>  It's an interesting web page, but still isn't complete as far as the snort
> database is concerned.  It certainly doesn't have anything on the "SMB Name
> Wildcard" option, and why I'm picking up so many of these packets directed
> to my proxy server.
> 
arachNIDS contains several entries regarding this vulnerability:

http://dev.whitehats.com/IDS/177 (netbios-name-query, Max Vision)
http://dev.whitehats.com/IDS/204 (NT NULL session, Ian Vitek)

>  It would be worth setting one up on the Snort web page specifically for
> snort stuff.  I'd be willing to volunteer setting it up and entering in
> details.
> 
Cool!  Please check out the submission form at:
http://dev.whitehats.com/ids/submit.html

I know the community would appreciate your help with the documentation
effort.  Sometimes it's a lot of fun, but usually I just don't have time
to do writeups for each thing that comes along.  Let me know if I can be
of any assistance!  I look forward to seeing your stuff! :)

Max Vision
http://whitehats.com/





More information about the Snort-users mailing list